Privacy Notice

We take the security and privacy of our
customers seriously and this policy sets out how we handle information about
you and your rights in respect of that information.

What information do we hold and how do we
obtain it?

Generally we receive information directly from
you when you place an order with us to buy our goods. Such information includes
your name, address, telephone number and
credit card details. You may also provide your email address if you sign up to
be notified from time to time about our future goods and services.

For our customers' protection, we always check a
certain percentage of our orders at random to confirm the details of the order
match those of the cardholder on file. For this reason, we may ask you for some
additional information. This would be a copy of the front and back of the card
used to make the purchase, or a copy of a photo ID such as a valid drivers
license or passport. We will also require some proof of address along with the
copy of the photo ID.

For
what purposes do we use your information?

We use your information for a number of purposes
including: - to perform our contractual obligations to you and to ensure that
goods are supplied to you as efficiently as possible - for other
non-contractual reasons.

Supplying goods to you

We may use your information:

· To identify
and maintain records of your purchases with us

· To ensure
that the goods and services we offer to you are appropriate for your needs

· To respond
to any query you may raise with us about our goods

· To update
our systems for providing you with an enhanced service

Other purposes

We will also use information about you for
purposes upon which the provision of our goods and services are not necessarily
dependent.

We may:

· Disclose
information about you to third party agencies for credit checking purposes
(which information may be shared with otherorganisations for the same purpose)

· Use
information about you to inform you (by post email or telephone) about other services
we offer or which are offered by other companies within our group or any of the
other companies with which we work

· Use
information about your account with us for our internal customer service
monitoring and training purposes

Transfers overseas

Please note that disclosures we may make may
take place via electronic means and may involve the transfer of personal data
relating to you to countries outside the European economic area, which
countries do not have in place adequate rules relating to data protection and
privacy of personal data.

Sale of our business

You acknowledge that data you provide to us may
be transferred to any person, firm or company to whom we sell the whole or a
substantial part of our business or to whom we transfer any of our rights or
obligations under a contract with you.

Taking care of your data

We will endeavour to
keep any information, which we hold, about you up to date and accurate. To help
us to do this, please keep us informed if any of your details change. See
further details listed below.

We will
at all time Endeavour to protect your data against unauthorised use.

Electronic
control of access to dataOnly authorised staff
should have access to data or information processing facilities.

The
following controls have been put in place:

· We
encrypt data maintained on our databases or files accessible via the Internet
as this is a common cause of compromise.

· Access
to our terminals is restricted and all processing departments are secure.

· We
operate a clean desk policy.

Computer
Viruses

The
following controls have been put in place:

· We
use anti-virus software developed by a reputable supplier.

· We
update anti-virus software regularly.

· We
use virus detection software to scan computers and media for known viruses.

· We
use virus repair software with caution and only where virus characteristics are
fully understood and the correct repair is certain.

· We
have banned unauthorised software.

· We
regularly review the software and data content of systems supporting critical
business processes.

· We
investigate the presence of unknown files or unauthorised amendments.

· We
virus check all media coming from outside the business.

· We
have a set procedure for reporting and recovering from virus attacks.

· We
have a business continuity plans for virus attacks, including data and software
back-up and recovery.

· We
keep security patches for software up to date.

· We
regularly test security systems and procedures.

· We
have installed and maintain a network firewall.

· We
encrypt data sent across networks.

E-mail

The following controls have been put inplace:

·We encrypt all data sent via E-mail.

·We ensure all e-mail is for business use only.

·We review and delete messages regularly.

·We securely archive any messages that need to
be retained off the server.

·We discourage the use of executable code
(‘exe’ files) received via e-mail.

If this is essential, we make sure that virus
detection and prevention measures are used.

·If alternate users work with the same
computer, we make sure that the alternate user cannot exceed their authority.

·We require employees to report any e-mail
abuse to the appropriate department or person.

·We preserve the confidentiality of any
sensitive information that is accidentally revealed to us.

·We keep e-mail records including a record of
deletions.

·We have implemented a stringent staff policy:

1) e-mail reviews are a condition of use (e.g. ‘the monitoring and review of
all email messages, sent and received, can occur at any time without notice’).

2) as part of employment policy, you may discipline employees for using
racial, religious, or sexual abuse, threatening, or discriminatory language via
company e-mail
3) e-mail users are personally responsible for the security of information in
their messages.

Telephone, Fax and Paper

Information that comes in
by telephone, by fax or in the post is handled with care.

· We collect and file securely all documents
that contain personal data, order information and or cardholder information,
such as order forms, carbons, fax printouts and paper copies of telephoned
orders.

· Documents are locked away securely after use.

· We make sure that staff handling telephone
sales, ask callers only for appropriate cardholder information.

If we believe that
cardholder information has been obtained by an unauthorised person or
company, this fact must be reported to Streamline and the appropriate
authorities as soon as possible together with details of all the account
numbers involved and all the circumstances of the compromise.